I have a question for all you experts who have had similar experiences as me:
Is there a solution for this malware on the site? An infection on the Linux server, where we're constantly in the Wordpress script generates files of type wb 5433712.php antimalware program is a malware called Backdoor.PHP.WebShell! E2 It is interesting that the infection has spread to all subdomains and parked domains on hosting.
The worst thing is that this malware also creates .htaccess file which redirected to sites infected and compromised the Russian site. When I check the site ... stopbadvare.org reported that it is infected with some javascript files. I took off the head of VP script on the computer, and also found Malvar: Backdoor.PHP.WebShell! E2Back which successfully deleted.
Is there a solution to the problem on hosting? What would help to prevent the creation and dissemination of these redirects zaraze.stranicama. Now I have a question for all you experts who have had similar experiences as me:
Is there a solution for this malware on the site? An infection on the Linux server, where we're constantly in the Wordpress script generates files of type wb 5433712.php antimalware program is a malware called Backdoor.PHP.WebShell! E2 It is interesting that the infection has spread to all subdomains and parked domains on hosting.
The worst thing is that this malware also creates .htaccess file which redirected to sites infected and compromised the Russian site. When I check the site ... stopbadvare.org reported that it is infected with some javascript files. I took off the head of VP script on the computer, and also found Malware: Backdoor.PHP.WebShell! E2Back which successfully deleted.
Is there a solution to the problem on hosting? What would help to prevent the creation of the redirect and the spread of infection.

I'd need the first 15 characters or so of everything after "decode(""
and will resemble this (base64_decode("DQpzZXRfdGltZV9saW1p

How this stuff got there, I can only imagine (777 DIRs) or a stolen account password, but that's another day.

If you don't find and/or plug the hole, this will most likely repeat itself.

"It is interesting that the infection has spread to all subdomains and parked domains"
Not really. The first thing any decent hacker script does is look for more exploitable weaknesses in Security, and they LOVE those 777 directories.

"Is there a solution for this malware on the site?"
Yes, is WordPress up-to-date/latest?

Is this shared hosting, VPS, or a Dedicated Server?
I'd bet $20.00 this is a cPanel host.

The 5433712.php type files are usually reverse-shells.

You can PM me for a more in-depth course of cleaning or further diagnostics.

Congratulations for your reply, i just worked on it and your answer helped me to focus on finding vulnerabilities. The whole problem is reflected on the reputation of my main web site design studio that is in (public_html) while other sites like addon, i took off and barely mentioned the problem with the door. Yes, it's a Linux VPS Hosting, cPanel, etc. ... so that you get a bet:). However, the main generator problems that i mentioned was in Wordpress, although it comes a new edition. Now i see that the WP introduced compulsory FTP access for each installation accessories. How safe is it for and i am hosting our privacy? Otherwise, you have a better solution for the 301 permanent redirect and that it is not using .htaccess file?

What "installation accessories" (did you mean plugins?) require ftp access and where did these "installation accessories" originate?

I'd change your swebdiza cPanel password immediately and check for 777 directories and nobody-owned files with 777 permissions and if you are the "owner" of this VPS, I'd alter that instruction to change your root password.

I'll assume here that we are only dealing with the cPanel account for swebdiza...
login via terminal/ssh as swebdiza and run these 3 commands:

What i noticed is that we are constantly generate new .htaccess file, which diverted all my sites on compromised sites. I tried to lock .htaccess and it has failed because it always overwrites the new file. If i delete it, it re-generates ... and so on. Here, these days i have stabilized the situation. I left, however, one unsolved question in this .htaccess file.

I have a small problem with the .htaccess file. If I put this file as:

Site can not be loaded (internal server Erorr 500) ... and when I download the
"Options +FollowSymLinks" it's working normally.
Where I am wrong and how it should look like what .htacces file if you do not want to appear to me to www and the URL is correct?

I manage all the files. After changing the FTP password and deleting an addon domain for which i have found that the WP mentioned PHP.WebShell infected! E2 is no longer occurring changes or changes in .htaccess php pages. Probably it was broken into my FTP code and malicious code generator was in Youtube plugin for WP. However, now that i have arranged this, the dilemma of whether to use .htaccess files for the 301 redirect or not to use it? What should not i use the framework .htacces file, given that the above code does not work?